The name of one company turned out to be dangerous for sites that cannot properly process HTML, because it could provoke an XSS attack.
In the past, some organizations have used lines of code in their names for fun, but at least one of them had to change its name.
According to The Guardian, UK Companies House forced one consulting company to change its name after it became known that the name could be used to carry out XSS attacks on vulnerable pages, including those of Companies House itself.
As it turned out, just by mentioning the name of the company, the regulator's website could inadvertently compromise itself. Overall, it was an awkward situation for a government agency that had initially approved the problematic name.
It is about the name: which is dangerous for sites that are not able to handle HTML formatting properly. Such sites may decide that the company name field is empty and run the script from the XSS Hunter site.
This script is quite harmless and simply displays a warning, but Companies House thought it was enough to oblige the company to change its name.
It is now called “THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD”. According to the representatives of the Registration Chamber, they have taken measures to prevent the occurrence of similar situations in the future.
However, this is not the first such precedent.
It’s funny to see how a comic name with code elements can cause an avalanche of problems. However, this situation is also an example of how fragile Internet security can be.
If you can wreak havoc with just a fancy name, then site owners have a lot of work to do before they can be sure they are safe.
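The failure mode described above, where a page treats the company name as markup and the name field ends up looking empty, comes down to missing output encoding. The following is an added example, not code from Companies House or from the original article; `SAMPLE_NAME` is a constructed stand-in (the article does not reproduce the real name), and the function names and the `example.invalid` URL are hypothetical.

```javascript
// Constructed sample: a registered name containing markup characters.
// Not the real company name; the URL is a reserved, non-resolving placeholder.
const SAMPLE_NAME = '"><script src="https://example.invalid/x.js"></script> LTD';

// Before: the name is concatenated straight into a quoted attribute.
// The leading "> closes the attribute and the tag, so the field is
// empty and the rest of the name is parsed as a new element.
function renderNaive(name) {
  return '<input type="text" name="company" value="' + name + '">';
}

// After: encode every character that is significant in HTML text and
// in quoted attribute values before it reaches the page.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderEncoded(name) {
  return '<input type="text" name="company" value="' + escapeHtml(name) + '">';
}

// What a browser shows for the encoded value (inverse of escapeHtml).
function decodeHtml(text) {
  return text.replace(/&(amp|lt|gt|quot|#39);/g, (_, e) =>
    ({ amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" }[e]));
}

// Rough check of the output: which value the field receives and
// which elements the markup opens (closing tags are ignored).
function inspect(html) {
  const m = /value="([^"]*)"/.exec(html);
  const tags = (html.match(/<[a-zA-Z][a-zA-Z0-9]*/g) || [])
    .map((t) => t.slice(1).toLowerCase());
  return { fieldValue: m ? m[1] : null, tags };
}

const before = inspect(renderNaive(SAMPLE_NAME));
const after = inspect(renderEncoded(SAMPLE_NAME));
console.log('naive  :', before);   // empty field, extra element opened
console.log('encoded:', after);    // one element, name kept as data
console.log('shown  :', decodeHtml(after.fieldValue));
```

With encoding in place the name stays data: the only element on the page is the input field, and the visitor sees the registered name exactly as filed.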
Let me remind you of another curious case in the field of information security: For eight years, the Cereals botnet existed for only one purpose: it downloaded anime.